Due to recent security changes, Microsoft has made security changes to how you are able to connect to the SMTP server for your Office 365 email.
The below steps will walk you through setting up your Office 365 to be able to connect to third party email programs using an App Password.
PLEASE NOTE - This is a temporary fix. Microsoft will be disabling Basic Authentication on October 1, 2022, and will be enforcing modern authentication. Our development team has been hard at work to meet the modern authentication protocols since Microsoft announced the change back in September 2021.
Make sure to follow each step below, skipping a step will result in a failure to connect. These steps will need to be repeated for each employee you need to setup.
STEP 1 - Enable SMTP Authentication
If purchased through Microsoft:
- Open the Microsoft 365 admin center (https://admin.microsoft.com/) and go to Users > Active users.
- Select the user, and in the flyout that appears, select Mail.
- In the Email apps section, select Manage email apps.
- Enable the Authenticated SMTP setting by checking the box.
- When you're finished, select Save changes.
If purchased through GoDaddy:
- Sign in to your Email & Office Dashboard (use your GoDaddy username and password).
- Select Manage next to the user you are enabling.
- Scroll down to Account information and select Advanced Settings.
- Select Continue to confirm enabling SMTP Authentication.
If SMTP Authentication is off, turn it on. If it is already on, please move to next step.
STEP 2 - Enable Legacy SMTP
Log into your Microsoft Exchange Account with your admin credentials: https://admin.exchange.microsoft.com/
In the left menu, click on ‘Settings’.
Then click on ‘Mail flow’
Under ‘Security’, check the box next to ‘Turn on use of legacy TLS clients.’
Make sure the box for 'Turn off SMTP AUTH protocol for your organization' is unchecked.
If it is checked, uncheck it and click ‘Save’. You can now close this tab.
STEP 3 - Enable MFA (Multi-Factor Authentication)
Log into your Outlook on the web: https://outlook.office.com/mail/inbox
Once signed in, go to: https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx
Next to the user you are working on, if it says ‘Disabled’ under the MULTI-FACTOR AUTH STATUS, click on the user and in the side window that appears on the right, click on ‘Enable’
Once it is Enabled, click on the user again, this time click on ‘Enforce’
Next, log into Outlook, or have that user log in - https://outlook.office.com/mail/inbox
If you have not setup your Multi Factor authentication yet, there will now appear a prompt to setup your sign-in methods. If you already have it setup for your account, move on to Step 4.
Setting Up Your Sign-In Methods
You can choose to use an Authenticator app, however, if you do not want to use an authenticator app, you can click on 'I want to use a different method' at the bottom. We suggest using the 'Phone Number' option for this step.
Follow the prompts to setup that authentication method.
You will then need to setup a back-up method. Again, if you do not want to use an authenticator app, click on 'I want to use a different method'. If not using an authenticator app, for this step we suggest using 'Email'. You will need to enter a different email address than the one you are setting up.
Follow the prompts to complete this step.
Next, Microsoft will ask you to setup an App Password, this is not one that can be used for your DJEP account, so name it anything you want.
Once finished, move on to Step 4.
STEP 4 - Creating an App Password for DJEP
Log in to the Additional Security Verification page with your Microsoft username and password for the user that is being setup: https://account.activedirectory.windowsazure.com/proofup.aspx
You can also get here by logging into https://myaccount.microsoft.com/ and clicking on ‘Security Info – UPDATE INFO’
In the Security Info screen, click on ‘Add sign-in method’ at the top of the table.
In the ‘Choose a method’ dropdown, select ‘App password’
Enter a name for this App password, it must be 8 characters in length. The name is for your reference only so you know what you created the password for.
Click ‘Next’
DO NOT CLOSE THIS WINDOW – If you close it without copying the generated password, you will not be able to view it again and will need to create a new one.
It is suggested to copy this password and paste into a text file for later reference if needed.
STEP 5 – Setting up Outgoing Server in DJEP
Log into DJEP -> Setup -> Emails -> Settings
Click on the employee type you are working on to expand it.
Under the employee that is being setup, click on ’Setup’ or ‘Edit’ next to ‘Outgoing Server’
Enter the below credentials:
Username: YOUR FULL EMAIL ADDRESS
Password: THE COPIED PASSWORD THAT YOU JUST CREATED
Outgoing SMTP Server: smtp.office365.com or smtp-mail.outlook.com
Outgoing Port Number: 587
Click on ‘Save Settings’
If you followed all of the steps above, you should receive a ‘Connected Successfully’ message.
If you receive an error message here, please repeat the above steps to ensure no steps were skipped.
PLEASE NOTE:
If you run an Outgoing Email Connection Test (Setup -> Email s-> Help/FAQ -> Outgoing Email Connection Test) You will still receive an error, this is how Microsoft has opted to let users know that they have updated their security measures, this should not affect email sending.
Once you have your outgoing server configured correctly in your DJEP account, it is advised to run a ‘Mail Deliverability Test’.
Log into DJEP -> Setup -> Emails -> Help/FAQ -> MAIL DELIVERABILITY TEST -> START THE TEST
This will provide you feedback on if there are any additional issues with SPF records, DKIM, DMARK, and Blacklists.
If you have errors found in the test, you will need to reach out to your email provider directly to resolve.
IMPORTANT:
If you change your Microsoft password, it will delete any app passwords you have created and you will need to repeat steps 4 and 5.
